Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/sxSOPVQh5L9JG3KPSOyh6hbG5Vk.roa
File:                     sxSOPVQh5L9JG3KPSOyh6hbG5Vk.roa (raw, json)
Hash identifier:          a7ybIR2DU62x29IZUqxVFzPBHJLOSUGXPbLWUl9JIXE=
Subject key identifier:   B3:14:8E:3D:54:21:E4:BF:49:1B:72:8F:48:EC:A1:EA:16:C6:E5:59
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0184F84F0AC24D4E513F66F705367D042EFA
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/sxSOPVQh5L9JG3KPSOyh6hbG5Vk.roa
Signing time:             Fri 09 Dec 2022 19:14:00 +0000
ROA not before:           Fri 09 Dec 2022 19:14:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        79.175.96.0/24 maxlen: 24
                          79.175.95.0/24 maxlen: 24
                          188.255.212.0/24 maxlen: 24
                          109.121.37.0/24 maxlen: 24
                          109.121.34.0/24 maxlen: 24
                          109.121.33.0/24 maxlen: 24
                          109.121.43.0/24 maxlen: 24
                          109.121.42.0/24 maxlen: 24
                          109.121.39.0/24 maxlen: 24
                          109.121.47.0/24 maxlen: 24
                          109.121.45.0/24 maxlen: 24
                          212.69.11.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:f8:4f:0a:c2:4d:4e:51:3f:66:f7:05:36:7d:04:2e:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Dec  9 19:14:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b3148e3d5421e4bf491b728f48eca1ea16c6e559
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ef:04:0f:38:db:9e:05:83:c1:76:79:4b:bd:
                    44:8c:1c:09:bd:16:5b:70:77:f4:09:e5:31:ef:f9:
                    5f:50:28:cb:3c:42:4e:33:54:79:57:e5:78:72:4f:
                    32:6c:8a:fe:92:b2:8e:ec:7c:7a:99:e8:db:34:7c:
                    ed:00:00:ba:7a:4a:d1:cf:71:ee:0a:cf:27:13:11:
                    aa:6b:ff:d8:14:24:43:e7:75:86:52:48:3c:b9:b7:
                    f6:1d:39:7b:e3:d0:10:5c:c7:5d:e3:b5:d0:c2:8f:
                    48:8a:6a:79:ab:2d:6d:68:33:c0:a8:20:27:7a:04:
                    77:c4:9a:33:60:e0:19:5d:20:73:b2:70:94:55:c9:
                    22:ac:0d:90:7c:b8:42:99:db:c1:81:a5:43:46:eb:
                    32:b7:5f:bb:2d:46:3e:d1:f3:22:13:ec:23:d4:66:
                    70:93:49:10:77:09:07:ef:98:85:36:84:3c:f5:40:
                    e0:83:74:fa:f2:07:8d:ad:4a:8a:41:32:b9:b7:d2:
                    71:98:62:01:4d:d0:39:31:26:4c:7a:67:6b:54:e1:
                    ea:3a:ba:3f:1c:e8:82:ec:a2:04:9f:08:b1:06:8d:
                    f2:a1:d8:73:b9:87:50:7d:19:4c:49:96:17:b1:85:
                    06:86:5f:fb:f7:28:b1:7c:cc:26:2b:08:c7:63:a8:
                    c5:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:14:8E:3D:54:21:E4:BF:49:1B:72:8F:48:EC:A1:EA:16:C6:E5:59
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/sxSOPVQh5L9JG3KPSOyh6hbG5Vk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.175.95.0-79.175.96.255
                  109.121.33.0-109.121.34.255
                  109.121.37.0/24
                  109.121.39.0/24
                  109.121.42.0/23
                  109.121.45.0/24
                  109.121.47.0/24
                  188.255.212.0/24
                  212.69.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:11:00:71:95:e8:f9:62:94:21:ba:dd:0a:61:fa:fe:15:d6:
         e7:30:be:57:5e:25:50:ba:ce:65:52:13:8e:70:2e:71:96:ed:
         56:58:b0:5b:71:ba:c1:a0:8d:2a:4f:46:eb:7a:cb:11:c0:a1:
         6c:ba:44:37:5f:3a:a4:89:9e:23:70:2b:ea:0e:8b:8c:e6:c0:
         eb:ff:c5:a5:b8:ec:a3:c2:3c:76:5d:96:ee:60:b7:59:43:2a:
         ed:4f:7a:47:6b:57:fa:df:3b:01:b5:85:2f:3f:aa:41:a0:38:
         10:02:53:44:99:cc:4e:b6:14:fe:26:54:a6:16:6a:6c:b9:5c:
         1c:7e:5a:1c:8d:b8:3d:d2:df:40:27:f5:c7:33:a8:bc:d7:5d:
         38:09:95:3d:ae:0b:b2:da:e8:9b:0c:3b:77:f8:9d:9f:e5:6f:
         0c:b2:d0:63:2a:81:08:10:86:5f:44:f1:f1:5d:6d:f0:64:02:
         03:09:e8:b7:d8:04:6e:ec:79:58:a8:13:a8:52:6c:cd:a1:38:
         a2:7c:1d:05:a0:4b:18:43:b5:74:e5:26:b9:f3:25:6a:5f:ad:
         4d:5e:bd:22:a4:08:7f:f7:1d:04:cf:f8:18:c1:96:bc:67:a4:
         c6:cb:3e:44:a4:be:9c:d2:d4:a1:f8:3a:02:41:2f:52:2a:3e:
         63:8f:3e:f7
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYT4TwrCTU5RP2b3BTZ9BC76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjIxMjA5MTkxNDAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzE0OGUzZDU0MjFlNGJmNDkxYjcyOGY0OGVjYTFlYTE2YzZlNTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+8EDzjbngWDwXZ5S71EjBwJvRZb
cHf0CeUx7/lfUCjLPEJOM1R5V+V4ck8ybIr+krKO7Hx6mejbNHztAAC6ekrRz3Hu
Cs8nExGqa//YFCRD53WGUkg8ubf2HTl749AQXMdd47XQwo9Iimp5qy1taDPAqCAn
egR3xJozYOAZXSBzsnCUVckirA2QfLhCmdvBgaVDRusyt1+7LUY+0fMiE+wj1GZw
k0kQdwkH75iFNoQ89UDgg3T68geNrUqKQTK5t9JxmGIBTdA5MSZMemdrVOHqOro/
HOiC7KIEnwixBo3yodhzuYdQfRlMSZYXsYUGhl/79yixfMwmKwjHY6jFQQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFLMUjj1UIeS/SRtyj0jsoeoWxuVZMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvc3hTT1BWUWg1TDlKRzNLUFNPeWg2aGJHNVZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGMAwDBABPr18D
BABPr2AwDAMEAG15IQMEAG15IgMEAG15JQMEAG15JwMEAW15KgMEAG15LQMEAG15
LwMEALz/1AMEANRFCzANBgkqhkiG9w0BAQsFAAOCAQEAjBEAcZXo+WKUIbrdCmH6
/hXW5zC+V14lULrOZVITjnAucZbtVliwW3G6waCNKk9G63rLEcChbLpEN186pIme
I3Ar6g6LjObA6//Fpbjso8I8dl2W7mC3WUMq7U96R2tX+t87AbWFLz+qQaA4EAJT
RJnMTrYU/iZUphZqbLlcHH5aHI24PdLfQCf1xzOovNddOAmVPa4Lstromww7d/id
n+VvDLLQYyqBCBCGX0Tx8V1t8GQCAwnot9gEbux5WKgTqFJszaE4onwdBaBLGEO1
dOUmufMlal+tTV69IqQIf/cdBM/4GMGWvGekxss+RKS+nNLUofg6AkEvUio+Y48+
9w==
-----END CERTIFICATE-----